Category Archives: Email Headers

Sending to Outlook.com Users gets more complicated

The arms race between spammers and Inbox Providers continues with Microsoft’s recent announcement of changes to Outlook.com bulk emailer rules. Fortunately, there is good news:

If you have already committed to Google and Yahoo Bulk Sender requirements, you are already covered. Keep doing what you are doing!

What are the specifics?

On May 5, 2025 you will be required to meet the following requirements to make the inbox when emailing Microsoft users (Office 365, Outlook, Hotmail):

  1. Authentication: All emails must pass SPF, DKIM, and DMARC to be delivered to Microsoft inboxes.
  2. Bulk email: Newsletters, surveys, and other marketing emails must allow recipients to opt-out and must support functional one-click unsubscribe. Plus, unsubscribe requests need to be processed within 48 hours. Remember, if you send more than 5,000 messages in a month, you will automatically be labeled a bulk sender.
  3. Sender addresses: Ensure your “From” or “Reply-To” address is valid and compliant, displays the actual sending domain, and can receive reply emails.
  4. List hygiene: Routinely review and update your recipient list to make sure your messages are NOT being sent to addresses that bounce or label your email as spam. Keeping a healthy marketing email list is vital to maintain a high delivery rate and sender reputation.

How Can MxToolbox Help?

MxToolbox’s Delivery Center helps you manage the complexities of DMARC Configuration and Management . Our comprehensive email delivery tools allow you to setup SPF, DKIM, and DMARC, implement a DMARC “reject” policy, maintain compatibility with changing Google, Yahoo! and Outlook.com sender requirements and manage emerging delivery issues.

A major tool in our suite of email delivery tools, Inbox Placement, allows you to test your outgoing email campaigns for over 50 different delivery issues, and notifies you if your campaigns are likely to go to the Spam/Junk folders or achieve the Inbox. In addition, Delivery Center Inbox Placement your Google spam rate and ensures tests that your campaigns meet one-click unsubscribe requirements at Google, Yahoo! and Microsoft Outlook.com.

MxToolbox is the Expert on email delivery. We offer a wide range of email delivery services, including a fully managed email delivery service, so be proactive now and take advantage of them before these Bulk Sender guidelines affect your email.

Will Microsoft follow Google and Yahoo on Bulk Sender Rules?

Google and Yahoo! announced and began implementation of Bulk Sender requirements earlier this year. When fully implemented*, these requirements will be an additional level of protection for their users, but also an additional complication for legitimate senders.

But, what is Microsoft, a major Inbox Provider, doing?

Microsoft has its own rules

Microsoft has historically gone their own way on everything. But, on email, they have had a vested interest in maintaining on-premise systems and gradually migrating these customers to the Cloud. With their growing investments in Cloud: Azure, Office365 and Outlook365, they have continued to march to the beat their own drum in how they filter incoming email.

Oddly, in some ways Microsoft was AHEAD of Google and Yahoo!

*As of June 2024, neither Google nor Yahoo! are filtering 100% of incoming email using their bulk sender rules. Instead, they have gradually introduced their bulk sender rules, providing feedback about potential bouncebacks and implementing the rules to a fraction of incoming email to allow legitimate senders to adapt.

Microsoft on the other hand, has implemented the following rules at 100%, since April:

  • If an email fails DMARC, it is marked as Spam
  • If an email has a “mixed” Bulk Complaint Level, it is dumped to Junk.

What are the differences?

Google and Yahoo!Microsoft
Bulk email must pass SPF, DKIM and DMARCAll Email must pass DMARC
Bulk email must have a maximum complaint level of 0.3%Bulk Complaint Level is “mixed”, the email is considered Junk
1-Click Unsubscribe button for all Bulk EmailNot yet required

Passing DMARC requires either passing DKIM or SPF checks. So, here Microsoft has a slightly lower bar than Google and Yahoo! for Bulk Email. However, it appears Google and Yahoo! are still accepting individual emails that fail DMARC and are not classified as Bulk. Read our article on the Differences between Bulk and Transactional email.

Bulk Complaint Level (BLC) is different calculation from the spam complaint level of Google and Yahoo! and Microsoft seems to have deliberately obfuscated their methodology. However, BCL is a similar metric and we expect Microsoft to adopt industry standard terminology and methodology.

Currently, Microsoft is missing the requirement for “1-Click Unsubscribe”. We expect Microsoft to adopt this standard quickly, as well. It is, after all, a simple regex amongst the numerous header and content scans they already perform.

TLDR: Microsoft has similar Inbox acceptance requirements to Google and Yahoo! Bulk Sender requirements. If you pass theirs, you should make inboxes hosted by Microsoft.

There is one major complication for senders to Microsoft Inboxes: Microsoft allows individual domain administrators to increase or decrease the sensitivity of the Spam and Bulk Complaint Level rules. This means that you might achieve the Inbox in for one Outlook365 subscribing domain and end up in Junk at another. Senders must therefore seek to be as clean as possible with their email hygeine.

How does MxToolbox Help?

MxToolbox Delivery Center is our suite of tools and monitors to actively manage your email deliverability across all Inbox Providers. We help you maintain an email delivery setup to get your message compliant with Inbox Provider rules and Bulk Sender requirements.

Use Inbox Placement to test your messages before sending. Inbox Placement will:

  • Analyze your headers for DMARC, SPF and DKIM compliance
  • Check your email for 1-Click Unsubscribe, a requirement of Google and Yahoo! bulk sender rules
  • Parse your message for common issues like spammy content, broken links and link shorteners
  • Visually display your email, graphically highlighting where your issues are.

MxToolbox Delivery Center provides the email configuration monitoring that you need to:

  • Monitor DMARC compliance rates
  • Constantly check your Gmail Spam rate
  • Analyze other potential reasons to miss the inbox
  • Notify you of issues while they’re occurring to enable quick resolution and damage control

Email is no longer fire-and-forget. It’s time to sharpen your email skills, develop your email technology muscles or the on-going email arms race will leave you behind.

Implementing 1-Click Unsubscribe

As part of Google and Yahoo!’s Bulk Sender requirements, emailers are required to provide a clear mechanism that allows a recipient to unsubscribe their email address from the sender’s mail lists with a single click conforming to RFC-8058.   One-click unsubscribe leverages the Email Header to provide a standardized approach including a secure URI for processing the unsubscribe request and a method to identify the recipient to unsubscribe.  If the email is trusted (contains a valid DKIM signature), then the Inbox Provider will surface this unsubscribe mechanism to the recipient

Benefits to Recipients

Recipients get an easy way to reduce their unwanted email.  They simply click on a link or button in their Inbox Provider’s UI and their email address is immediately unsubscribed from the campaign or they are taken directly to a page where they may select unsubscribe options.

Note:  This RFC requires that there be no intermediary login pages or cookies to track the incoming request.  They must go directly to an unsubscribe options page that includes a global unsubscribe option or be unsubscribed immediately with a confirmation page.

Benefits to Senders

Simplifying the unsubscribe process is actually very beneficial to senders.  You improve the quality of the contacts in your email database and improve your email reputation.  Removing low quality, poor performing email contacts allows you to focus your efforts on better prospects.

Improving your email reputation with major inbox providers is extremely important.  Recipients that do not want your email have several options:  ignore it, delete it, unsubscribe or mark it as spam.  When an email is marked as spam, it impacts your reputation with that Inbox Provider. By making the unsubscribing process as easy as marking the email as spam, recipients are more likely to unsubscribe to your legitimate email rather than classify it as spam.   A high rate of recipients marking your email as spam can classify all email from your domain as spam with an Inbox Provider.. 

Implementing 1-Click

Implementation of 1-Click Unsubscribe can be simple.  Many bulk email service providers have their own Unsubscribe systems.  These conform to CAN-SPAM and typically enable a simple single-click-to-unsubscribe mechanism that also meets the 1-Click requirements.  Simply follow the instructions for using the unsubscribe setup in your chosen bulk email service and you should be covered.  In addition, you will need to have a valid DKIM signature for email from this system.

If you are using more than one bulk email sending service or have other email sending services (Order Management, Customized Newsletters, etc), you may need to create your own 1-Click Unsubscribe system.  To be RFC compliant, this mechanism must:

  1. Have a URI that does not require a login to reach
  2. Can accept a unique opaque identifier for the user/email and campaign.
  3. Unsubscribes automatically or provides a Global Unsubscribe option

You must then configure the headers of all outbound emails with the following parameters:

  • List-Unsubscribe: The HTTPS URI the Inbox Provider will direct the recipient to including the unique opaque identifier.
  • List-Unsubscribe-Post:  List-Unsubscribe=One-Click

The email from these systems must also be DKIM compliant for the 1-Click Unsubscribe mechanism in the email header to be trusted.  

How can MxToolbox Help?

Tools like MxToolbox Delivery Center provide deep insight into your DMARC, SPF and DKIM configurations allowing you to meet basic requirements for Bulk Senders. But, more importantly, our Inbox Placement feature will analyze your DKIM headers to ensure that they are 1-Click Compliant and tell you if your campaigns are being sent to the Spam/Junk folders or actually making it to inboxes, as well as which Inbox Provider(s) you are having trouble sending to.

MxToolbox is the Expert on email delivery. We offer a wide range of email delivery services, including a fully managed email delivery service, so be proactive now and take advantage of them before these Bulk Sender guidelines affect your email.

Uncover your Email Problems with our Email Delivery Tools

Email delivery is probably the most important connection between Marketing Art and Information Technology. Whether your email is driving sales, connecting to vendors or simply for internal communications, an email that fails to make the Inbox is a failure of communications that can cost your business.

Email Health

A tool that is often overlooked yet is highly beneficial for your email deliverability is our Email Health Report. This tool executes hundreds of domain/email/network setup tests to ensure all of your systems are online and performing optimally. The report returns results for your domain and highlights critical problem areas that need to be resolved.

  • Get full visibility of your email’s health status in one concise report.
  • Identify every problem facing your email, including blacklist, mail server, web server, and DNS issues.
  • Be proactive about email health and detect any current email issues before they cause email failures.

Major MxToolbox Email Delivery Tools

Email delivery is a constantly changing technology landscape. Inbox providers change policies and technologies to protect their users and spammers change methods to get their unwanted messages read. MxToolbox is the Expert in Email Delivery and provides tools to better help you understand your legitimate email delivery issues.

  • Blocklist (IP or Host): The blocklist check tests a mail server’s IP address against over 100 DNS-based email blocklists.
  • DMARC Delivery Report: This tool creates comprehensive DMARC reports, providing insight into potential issues and any needed changes to your DMARC policy.
  • DMARC Report Analyzer: This option makes DMARC Aggregate XML reports human readable by parsing and aggregating them by IP address into helpful reports.
  • Email Bounceback Analyzer: This analyzer returns details regarding the bounce error, such as the inbox provider, why the message bounced, and additional information to help remedy the issue.
  • MTA-STS Lookup: This test checks a domain or hostname for an MTA-Strict Transport Security (MTA-STS) DNS TXT record and also for a valid MTA-STS policy.
  • Spam Analyzer: This tool uses the SpamAssassin software to analyze your message and return a spam score from over 711 various criteria.

Inbox Placement Analysis

Our Inbox Placement tool analyzes your campaign emails before you send them. We determine if the email will make the inbox at major Inbox Providers like Google, Yahoo! and Outlook.com/Office365. We also analyze important technology and soft factors like:

  • DMARC Compliance
  • Broken or copious links
  • Wordiness
  • Broken or too many images
  • Spammy verbiage
  • Other indicators of spam

Inbox Placement is a feature of all paid Delivery Center plans, so you can test your marketing emails and improve your DMARC compliance all in one place.

Does DMARC and email deliverability seem too complicated?

MxToolbox Experts are here with a Managed Services approach to your email configuration issues.

Validity goes behind a Paywall

Validity recently announced that their Universal Feedback Loop ARF reports were no longer a free service but going to be a paid subscription. They are replacing their individual ARF reports with a free aggregate report today.

What is Validity ARF Reports?

Abuse Reporting Format (ARF) is standard that allows Inbox Providers to provide Feedback or Recipient Complaint information to legitimate email senders. The data contained in a ARF report can be as limited as the subject of the email and number of complaints or may be highly detailed information, like:

  • Date and Time of the Complaint
  • Date and Time of the Email Sent
  • Subject of the email
  • Email Addresses Unsubscribing
  • Email Addresses Complaining
  • Email Addresses Failing
  • Type of Failure or Complaint

However, Validity ARF reports only contain minimally actionable information: Subject, Date and Type of Complaint and email header with obfuscated recipient data.

Who does the change affect?

MxToolbox Delivery Center customers with a Validity Feedback Loop/Complaint integration will lose access to new Validity data on September 22, 2023. MxToolbox is investigating the value of integrating with their free aggregate version of the Universal Feedback Loop systems or terminate the integration with Validity.

Our product team is constantly evaluating the potential for new integrations to ensure that our Recipient Complaints feature provides detailed, actionable insight to our customers. While Validity ARF reports contained some actionable insight when free, the impact when compared to DMARC data and other sources of Feedback Loops will be minor to most customers.

MxToolbox’s Stance

MxToolbox has always been an advocate for improving email delivery and an early adopter of DMARC and Feedback Loop aggregation technology. Feedback Loops were intended to be used to improve the quality of email and reduce the quantity of unwanted email, so, placing Feedback Loop and Complaint information behind a paywall seems like the wrong direction. The additional costs will be especially rough for small-to-medium businesses to bear.

MxToolbox Free Email Delivery Tools

MxToolbox has always been a provider of Free Email Delivery Tools. From our early days Blacklist Lookups and Monitors have been free to use. We continue to expand our suite of free tools to help businesses improve email delivery.

DKIM is no longer optional

DKIM has been around for more than a decade but was not widely used until the DMARC standard added DKIM alignment and authentication as one of it’s passing criteria. Even now, many of our customers are telling us that DKIM is difficult to implement and they view is as less important than a proper SPF configuration. However, a new trend is making DKIM an absolute email delivery requirement.

What is DKIM?

DKIM is a technology that allows email senders to cryptographically sign their outbound email. This signature can then be verified by the recipient as proof that the email was legitimately from the domain signing it and that the message was not altered during transit to the recipient system. You can learn more about DKIM on our blog.

How does DKIM work with DMARC?

For an email to be DMARC compliant (and therefore more likely to be accepted and make it to the Inbox), an email must either pass SPF checks or DKIM alignment and authentication checks. This allowed for some edge cases, for example: an email could fail SPF because the sending IP address was new or because Marketing adopted a new 3rd party email sender that was not in the SPF record, but if DKIM was properly implemented, it would still be DMARC compliant. Similarly, if DKIM was missing or if a forwarder had broken the DKIM signatures, then the email could be DMARC compliant if it passed SPF checks. When DMARC was still in the adoption phase, these allowances for edge cases made sense and are still part of the standard.

How did DKIM become necessary?

While the DMARC standard specifies a minimum threshold for compliance, Inbox Providers and businesses can set higher thresholds to protect their users. Our Experts are now seeing Inbox Providers and many large businesses require DKIM compliance as part of their inbound email vetting processes. Basically, if your email does not pass both SPF and DKIM compliance checks, you may not make the inbox.

Get DKIM compliant as soon as possible! The only downside is the cost of initial setup but the long-term (and potentially immediate) benefit of DKIM compliance means that you are more likely to get delivered and make the inbox.

How can MxToolbox help?

Our Experts are here to get you SPF, DKIM and DMARC compliant and help you manage the on-going maintenance that keeps your email delivery in peak form. MxToolbox Delivery Center has tools to get you DMARC compliant, test Inbox Placement and react to Recipient Complaints. Or leverage our expert team with Managed Email Services.

DKIM Signature Tags, A Primer

DKIM is a form of email authentication that allows an organization to claim responsibility for a message by signing it in a way that can be validated by the recipient. DKIM Authentication is an important part of DMARC compliance and obtaining the best email deliverability possible for your domain.

DKIM tags are located within the actual DKIM-Signature header data. A tag is typically a single letter followed by an equal sign (=). The value of each DKIM tag denotes a specific piece of intel about the email sender, the message itself, and its public key location.

There are several tags available to an email sender using DKIM, with some being required and some being optional. If a required tag is omitted in the DKIM signature, a verification error with the mailbox provider will occur. Of note, tags included in the DKIM signature that do not have a value assessed are treated as having an empty value. However, tags not included in the DKIM signature are treated as having the default value.

Required DKIM Tags

Below are the required tags of a DKIM-Signature header. Any DKIM signatures missing these tags will produce an error during the verification process.

  • v= version of DKIM standard being used. The value should always be set to 1.  
  • a= cryptographic algorithm used to generate the signature. The value should be rsa-sha256.
  • d= domain used with the selector record (s=) to locate the public key. The value is a domain name owned by the sender.
  • s= selector record name used with the domain to locate the public key in DNS. The value is a name or number created by the sender.
  • h= list of headers that will be used in the signing algorithm to create the hash found in the b= tag. The order of the headers in the h= tag is the order in which they were presented during DKIM signing; therefore, it is also the order in which they should be presented during verification. The value is a list of header fields that will not change or be removed.
  • bh= computed hash of the message body. The value is a string of characters representing the hash determined by the hash algorithm.
  • b= cryptographic signature of the headers listed in the h= tag. This hash is also called the DKIM signature.

Optional DKIM Tags

Recommended

Below are the optional tags that are typically recommended in a DKIM-Signature header. DKIM signatures missing these tags will not produce an error during verification, but they are recommended as a means to help identify spam.

Note: Spammers do not normally set time values. Empty or incorrect time values, such as an expiration time dated before the email timestamp, will cause some mailbox providers to reject the message.

  • t= DKIM signature timestamp. It is meant to indicate the time the message is sent. The format is the number of seconds from 00:00:00 on January 1, 1970 (UTC).
  • x= DKIM signature expiration time in the same format as above. The value of this tag must be greater than the value of the timestamp tag if both are used in the DKIM signature. DKIM signatures could be considered invalid if the verification time at the verifier is past the expiration date, so be sure not to set the expiration date too soon.

Not Required

Below are the optional tags that are not required in the DKIM signature.

  • c= canonicalization algorithm that defines to a mailbox provider what level of modifications may be present as the email is in transit to the mailbox provider. Modifications can include whitespace or line wrapping. Some email servers make minor modifications to the email during transit, which can invalidate the signature.
  • i= identity of the user or agent. The value is an email address containing the domain or subdomain as defined in the d= tag.

Not Recommended

Below are the optional tags that are not recommended in any DKIM signature.

  • l= number of characters from the message body that were used to compute the body hash (bh=). If this value is not present, it is assumed the entire message body was used. This tag can be difficult to control and could lead to verification errors.
  • z= list of the message’s original headers and may differ from the headers listed in the h= tag. This tag may be used by some mailbox providers in the process of diagnosing a verification error. Its value is not well defined.

MxToolbox Delivery Center helps you with DKIM Compliance

To maintain the highest levels of email deliverability using DKIM, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

Has your email been Spoofed?

Email spoofing can harm your corporate brand, decrease open rates for your legitimate email, cause legitimate email to be blocked, compromise website security and even create financial complications.  No company is totally immune from malicious email spoofing using their domain, but there are ways to protect yourself.  Spoofing comes in a few different forms:

  • Simple Domain Spoofing – a spammer sends email that looks like it is from your domain, but originates from a server that you do not control or not in your SPF record.
  • Hacked SPF Sender – A spammer hacks a legitimate sender, one listed in your SPF records, and sends email that appears to be from you.  
  • Hacked Internal Account – A hacker compromises an internal email box and sends email via legitimate sources.  
  • Similar Domain Spoofing – A spammer sets up a complete domain that has a similar name to yours.  For example, “example.com” versus “exarnple.com” or “exampIe.com”.

Recently some fraudsters were brazen enough to attempt to spoof email from MxToolbox.com.  This illustrates how our experts (and MxToolbox Delivery Center Product) protect us from fraud and phishing and how we can protect your company too.  

DNS Configuration

Good email delivery and protection from fraud and phishing attempts requires expert management of your DNS.  Four DNS protocols are particularly important:

  • SPF allows you to delegate outbound email to 3rd parties.
  • DKIM allows you to crytographically sign email to take ownership of the email you send.
  • DMARC provides two very useful features:
    • Allows you to designate email addresses to receive feedback on your email delivery.
    • Allows you to set an email delivery policy for how inbox providers handle email that isn’t DMARC compliant with either SPF or DKIM.
  • BIMI allows you to provide an icon that inbox providers may display if your email passes DMARC with a strict DMARC policy

Our spoofer used IP addresses outside of our SPF so failed SPF checks and DMARC compliance.  Additionally, our DMARC policy is set to reject, so inbox providers knew to discard these failed emails immediately.  Our expertly configured DNS helped us reduce the impact of this attack on our email delivery, our customers and the non-customers targeted.

You might think that DNS configuration is all you need to protect your email delivery, but there is more.

Visibility

SPF, DKIM and DMARC Passing Rates

While DNS configuration is the most important first step in email deliverability, you need constant visibility into your email delivery status in order to protect your brand.  MxToolbox Delivery Center provides important insight into your email delivery posture with real-time statistics on SPF, DKIM and DMARC pass and fail rates across all your email senders, legitimate and fraudulent.  

In this case, MxToolbox Experts quickly noticed a spike in email from illegitimate sources.  Delivery Center reported this spike by analyzing DMARC reports approximately 24-48 hours before we began to receive bounceback notices from targeted inbox providers.  With strict ‘Reject’ DMARC policies in effect, our Expert team could rely on most inbox providers dumping these emails without delivery, however, we needed to analyze the potential risk.

Bounce Analysis

MxToolbox Delivery Center integrates a Bounceback analysis tool that allows us to analyze bounceback email messages from dozens of inbox providers to determine the reason an email failed to make it to the intended recipient.

bouncebacktool.JPG

Bounceback messages can help you understand recent attacks and prevent new ones.  For example, a bounceback due to Reverse DNS failure, as above, is an indicator that your spammer was using a server outside of your network and not listed in your SPF as was our recent spammer.  Bounceback messages can also provide insight into other reasons for delivery failure, including blacklisting, malware/spam content and more.

Feedback Loops

The newest visibility feature of MxToolbox Delivery Center incorporates Feedback Loops.  Feedback Loops allow Inbox Providers to return information from inbox owners to the original senders, including much of the original message header.  Analyzing message content and headers returned via feedback loops gives you unique insight into how your email is being perceived by recipients.  Did the recipient report you as spam?  Was the email actually fraudulent?  Was the content yours but appeared spammy?  Feedback loops are very powerful and a necessary part of maintaining high quality email delivery.  

Get ahead with Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the on-going maintenance necessary to maintain peak performance:

  • Who is sending email purporting to be from your domain
  • What is the reputation of your senders’ IPs
  • Geolocation of your senders and What their blacklist reputations are
  • How your SPF, DKIM and DMARC setup is performing
  • What senders are failing DKIM
  • What senders are failing SPF verification
  • When to setup more restrictive policies for DMARC
  • What on-going maintenance you need to maintain and improve your email deliverability

 

Office 365 Joins ARC

Microsoft is the latest prominent name to adopt the Authenticated Received Chain (ARC) email protocol.  The ARC standard is now available for every Office 365 hosted mailbox. Already used by Google (Gmail, G Suite, Groups) and other email providers, the continued adoption ARC improves email delivery and security.

What Is ARC?

ARC is a new protocol designed to provide an authenticated “chain of custody” for emails. Essentially, this initiative requires that each forwarding email system handles the message in a standard way to preserve the DKIM wrappers.  This allows each inbox provider in the chain to see what other intermediaries have handled it along the way and verify the DKIM signature of the message at each step throughout the delivery process.

ARC leverages the DMARC and DKIM email authentication standards to help fight email spoofing and improve email delivery for forwarded messages.  Prior to ARC, the chain of custody may or may not have been preserved for forwarded emails, resulting in legitimate mail being rejected.  With the implementation of ARC,  email forwarded to Office 365 will be more likely to be delivered as DKIM signatures will be preserved.

Seeing the Benefits of ARC

RFC 8617, specifies the ARC standard for inbox providers, but, what does that mean for business senders?  First, you need to adopt the basic email deliverability standards – SPFDKIM and DMARC.  If you have not already read it, MxToolbox has a great guide to setting up these protocols.  Once you have SPF, DKIM and DMARC setup, inbox providers that have adopted ARC will automatically process your email appropriately.  

MxToolbox Delivery Center provides everything you need to manage the on-going maintenance of email delivery.  Learn more about Delivery Center and how we can help you with email deliverability!

The ROI of Implementing DKIM on Outbound Email

For any business that sends email, becoming DMARC compliant should be a top priority. DomainKeys Identified Mail (DKIM) is a protocol that contributes to DMARC compliance and enables a company to take responsibility for sent messages by signing them cryptographically.  Recipients of DKIM-compliant email can then verify incoming email by the signature.  Essentially, DKIM establishes a trusted relationship – recipients know who the sender is because the sender is taking responsibility for the email.   While implementation might be complicated, if your company has not implemented DKIM for all active domains/subdomains and with all sending systems, you may be risking your email deliverability.

Benefits of DKIM

DKIM is all about ownership. If your business isn’t cryptographically signing its outbound messages, why should message recipients trust you? You aren’t taking ownership of what you send.  In today’s environment, there is too much risk in email.

On the other hand, if you are currently DKIM signing emails, your email is more likely to be delivered.  Recipient email servers are more confident allowing DKIM-signed messages to be delivered to the inbox, as DKIM is notoriously difficult to spoof.  With DKIM implemented, your business is in a better position and more protected from harmful spoofing and phishing attacks, which also safeguards your customer base.

In recent years, the DKIM protocol has become increasingly popular with many ISPs.  Major inbox providers like Yahoo! and Gmail were early adopters for outbound emailing.  Now, many ISPs use DKIM authentication as a method to filter incoming mail. In this case, a sender adds a digital signature within the email header that’s verified against a published key for the domain in question.

When a mail server receives an email, it evaluates the DKIM signature in the message header and then performs the following tasks:

  1. Retrieve the public key of the sending domain via DNS lookup
  2. Use the key to decrypt the electronic signature in the email header
  3. Verify the hash value for the content

In that sense, DKIM is a beneficial method of increasing both your company’s email deliverability and sender reputation since it allows the receiving mail server to verify your reliability. As DKIM’s prevalence grows, it’s wise (and advantageous) to adopt this technology.

DKIM Tools

At MxToolbox, email delivery is our passion. We provide a wide assortment of tools to help your business achieve optimal message deliverability to protect your brand and reach customers as intended. Our DKIM Record Lookup tool will test a domain name and selector for a valid published DKIM key record. Looking for a more comprehensive analysis?  Our Email Deliverability tool is a comprehensive deliverability report that analyzes your headers, blacklist reputation of outbound IP address, and SPF records. MxToolbox helps you identify any known issues related to DKIM. To receive achieve high delivery rates, implement DKIM today. As always, we’re here to help.